According to Gartner the digital footprint of companies expanded so much during pandemic, so this introduced us with new security challenges, security trends and new kind of attacks. These events lead companies to reframe their security practice, rethink on technology and find ways to respond to new threats.
To start with, the increased scale and complexity of digital organizations change the approach of the obsolete centralized security management. It is a tendency to decentralize security decisions to different part of the organization. That means different security leaders to lead different part of the organization to make this management more effective. Social engineering based successful security attacks and decisions made by business technology leaders has changed the security awareness programs effectiveness. Security leaders must invest in security behavior and culture programs.
When thinking about technology shift, it is the technology itself, the complexity of security infrastructure is increasing when new technologies arrive each year. However, coping with the increased complexity is not preferred with the restricted human resources. During the last 10 years we have witnessed that IPS and proxy kind of technologies lost market share in total security market due to new generation firewall and UTM solutions. It is a widespread tendency nowadays to use IPS on firewall devices even in highly regulated and attacked industries like finance companies. Consolidated security technology usage is still a need and will be in place in the following years with the increasing cloud adoption and increasing attack surface. Companies start working in hybrid environments; different public clouds, on-prem and DRC sites usage, branches and home office adoption necessitate usage of security implementation on each site. SASE and XDR are the solutions that most companies are planning to use in the following years for the sake of this security consolidation need.
With the expanded digital footprint of companies the visibility of companies decreased and there are now blind spots in the environment that is targeted by attackers. During the last year two changes in the attack landscape became more obvious. The first one is exploitation of identity. Credential misuse leading to increase in security incidents. Indeed, more complicated attacks target identity system itself. This may cause the identification of the attack itself. The second important attack domain is the digital supply chain. Vulnerabilities embedded in digital supply chains are often difficult to detect and thousands of applications or devices simultaneously be impacted.
In summary, new security trends with the increased cloud adoption and digital footprint of companies and with limited resources it is now necessary to change the effectiveness of security leadership by segmentation of the organization, to consolidate the security technologies and cope with new kind of attacks targeting identity and supply chains.